@@ -210,136 +210,125 @@ The user is logged in and redirected back to the home page.
## Request an access token
Even though you are now logged in, placing an order still fails because the HTTP request to place the order requires a valid access token. To request an access token use the `IAccessTokenProvider` service. If requesting an access token succeeds, add it to the request with a standard Authentication header with scheme Bearer. If the token request fails, use the `NavigationManager` service to redirect the user to the authorization service to request a new token.
Even though you are now logged in, placing an order still fails because the HTTP request to place the order requires a valid access token. To request access tokens and attach them to outbound requests, use the `BaseAddressAuthorizationMessageHandler` with the `HttpClient` that you're using to make the request. This message handler will acquire access tokens using the built-in `IAccessTokenProvider` service and attach them to each request using the standard Authorization header. If an access token cannot be acquired, an `AccessTokenNotAvailableException` is thrown, which can be used to redirect the user to the login page to authorize a new token.
*BlazingPizza.Client/Pages/Checkout.razor*
To add the `BaseAddressAuthorizationMessageHandler` to our `HttpClient` in our app, we'll use the [IHttpClientFactory` helpers from ASP.NET Core](https://docs.microsoft.com/aspnet/core/fundamentals/http-requests) with a strongly typed client.
```razor
@page "/checkout"
@attribute [Authorize]
@inject OrderState OrderState
@inject HttpClient HttpClient
@inject NavigationManager NavigationManager
@inject IAccessTokenProvider TokenProvider
To create the strongly typed client, add a new `OrdersClient` class to the client project. The class should take an `HttpClient` in its constructor, and provide methods getting and placing orders:
<div class="main">
...
</div>
*BlazingPizza.Client/OrdersClient.cs*
@code {
bool isSubmitting;
async Task PlaceOrder()
```csharp
usingSystem;
usingSystem.Collections.Generic;
usingSystem.Linq;
usingSystem.Net.Http;
usingSystem.Net.Http.Json;
usingSystem.Threading.Tasks;
namespaceBlazingPizza.Client
{
publicclassOrdersClient
{
isSubmitting = true;
privatereadonlyHttpClienthttpClient;
var tokenResult = await TokenProvider.RequestAccessToken();
if (tokenResult.TryGetToken(out var accessToken))
publicOrdersClient(HttpClienthttpClient)
{
var request = new HttpRequestMessage(HttpMethod.Post, "orders");
Update the `MyOrders` and `OrderDetails` components to also make authenticated HTTP requests.
Register the `OrdersClient` as a typed client, with the underlying `HttpClient` configured with the correct base address and the `BaseAddressAuthorizationMessageHandler`.
Update each page where an `HttpClient` is used to manage orders to use the new typed `OrdersClient`. Inject an `OrdersClient` instead of an `HttpClient` and use the new client to make the API call. Wrap each call in a `try-catch` that handles exceptions of type `AccessTokenNotAvailableException` by calling the provided `Redirect()` method.